
PC unable to shut down and random programs opening


  • This topic is locked
26 replies to this topic

#1 scribes

Posted 07 January 2014 - 09:03 PM

PC unable to shut down and random programs opening

 

Several issues are happening with my desktop PC.

 

There is a random popup box that states - 'Windows can not find 'C:\Program Files\AskPartnerNetwork\Toolbar\APNsetup.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click Start button, and then click Search.'

 

Then today my wife told me the PC started acting really weird.  She said random windows started popping open.  When she went to close it down, the PC would not let her.  Additionally, all her document links that she generally uses disappeared.  Since she could not shut it down correctly, she ended up hard powering it down.

 

This is the first time that it has been up and running since then, and I have it running in safe mode.

 

The desktop is running Windows XP Home Edition.

 

Any help would be greatly appreciated!  Thank you!

 

The DDS.txt log follows:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Cory at 20:25:32 on 2014-01-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2226 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {36D04559-44B7-45E0-BA81-E1508FAB359F} - hxxp://unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157569214517
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364579031625
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://66.193.72.34/Remote/msrdp.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.net/xp/ScanFile.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.winkflash.com/photo/loaders/ImageUploader3.cab
DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} - hxxp://www.shockwave.com/content/reaxxion/sis/HLGLauncher.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.6.dll
FF - plugin: c:\docume~1\cory\applic~1\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\documents and settings\cory\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\overtheedge\unity\webplayer\loader\npUnityWeb32.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - %profile%\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-25 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-25 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-25 440376]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-7-25 1011768]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-7-26 168400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-25 90400]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-5-4 20480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2011-5-4 167936]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-5-4 588032]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-1 29522]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2012-5-4 86528]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2012-5-4 14976]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2012-5-4 114304]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-17 12:52:06 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-11 15:52:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 15:52:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 15:10:19 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
.
============= FINISH: 20:27:57.01 ===============

 



#2 HelpBot

Posted 12 January 2014 - 09:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520046 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 scribes

Posted 13 January 2014 - 05:23 PM

I have been keeping this PC shut down because of all the odd things it has been doing.  It is still acting really odd.  Running slow and still popping up the APNsetup.exe box.  Any help would be really appreciated.  Should I also be attaching the attach.txt file again as well?

 

Thank you!

 

Below is the new DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Cory at 17:18:08 on 2014-01-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2235 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {36D04559-44B7-45E0-BA81-E1508FAB359F} - hxxp://unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157569214517
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364579031625
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://66.193.72.34/Remote/msrdp.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.net/xp/ScanFile.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.winkflash.com/photo/loaders/ImageUploader3.cab
DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} - hxxp://www.shockwave.com/content/reaxxion/sis/HLGLauncher.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E051970E-450F-4347-B019-4AEDD9D132AE} : DHCPNameServer = 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}\components\dtTransparency3.6.dll
FF - plugin: c:\docume~1\cory\applic~1\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\documents and settings\cory\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_25.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\overtheedge\unity\webplayer\loader\npUnityWeb32.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - %profile%\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-25 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-25 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-25 440376]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-7-25 1011768]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-7-26 168400]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-25 90400]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2011-5-4 20480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-130 reve\WLSVC.exe [2011-5-4 167936]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-5-4 588032]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-1 29522]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2012-5-4 86528]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2012-5-4 14976]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2012-5-4 114304]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-17 12:52:06 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-11 15:52:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 15:52:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 15:10:19 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
.
============= FINISH: 17:20:04.71 ===============
 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:05:00 AM

Posted 13 January 2014 - 05:34 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
 
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.
     
    Having said that.... Let's get going!!
    ----------
     
    Sorry for any delay, but as you can see we are very busy.  Do you still need help?
    -------------

     


    #5 scribes


    Posted 13 January 2014 - 06:13 PM

    Jeff - Yes I would still appreciate your help.  Thank you!



    #6 jeffce


    Posted 13 January 2014 - 07:22 PM

    Ok....
     
    Please download TDSSKiller

    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    ----------
     

    AdwCleaner
     
    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    ----------


     


    #7 scribes


    Posted 13 January 2014 - 09:52 PM

    Thanks again Jeff.  Here are all the logs:

     

    TDSSKiller:

     

    20:55:09.0951 0x0d5c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
    20:55:25.0326 0x0d5c  ============================================================
    20:55:25.0326 0x0d5c  Current date / time: 2014/01/13 20:55:25.0326
    20:55:25.0326 0x0d5c  SystemInfo:
    20:55:25.0326 0x0d5c 
    20:55:25.0326 0x0d5c  OS Version: 5.1.2600 ServicePack: 3.0
    20:55:25.0326 0x0d5c  Product type: Workstation
    20:55:25.0326 0x0d5c  ComputerName: BLESSING-1
    20:55:25.0326 0x0d5c  UserName: Cory
    20:55:25.0326 0x0d5c  Windows directory: C:\WINDOWS
    20:55:25.0326 0x0d5c  System windows directory: C:\WINDOWS
    20:55:25.0326 0x0d5c  Processor architecture: Intel x86
    20:55:25.0326 0x0d5c  Number of processors: 1
    20:55:25.0326 0x0d5c  Page size: 0x1000
    20:55:25.0326 0x0d5c  Boot type: Normal boot
    20:55:25.0326 0x0d5c  ============================================================
    20:55:27.0607 0x0d5c  KLMD registered as C:\WINDOWS\system32\drivers\61329308.sys
    20:55:27.0685 0x0d5c  System UUID: {E3BD962E-E99D-E5B3-B4E8-2F25E400EE98}
    20:55:28.0420 0x0d5c  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:55:28.0466 0x0d5c  ============================================================
    20:55:28.0466 0x0d5c  \Device\Harddisk0\DR0:
    20:55:28.0466 0x0d5c  MBR partitions:
    20:55:28.0466 0x0d5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1CB550DD
    20:55:28.0466 0x0d5c  ============================================================
    20:55:28.0498 0x0d5c  C: <-> \Device\Harddisk0\DR0\Partition1
    20:55:28.0498 0x0d5c  ============================================================
    20:55:28.0498 0x0d5c  Initialize success
    20:55:28.0498 0x0d5c  ============================================================
    20:55:42.0466 0x0e6c  ============================================================
    20:55:42.0466 0x0e6c  Scan started
    20:55:42.0466 0x0e6c  Mode: Manual;
    20:55:42.0466 0x0e6c  ============================================================
    20:55:42.0466 0x0e6c  KSN ping started
    20:55:56.0998 0x0e6c  KSN ping finished: true
    20:55:57.0701 0x0e6c  ================ Scan system memory ========================
    20:55:57.0701 0x0e6c  System memory - ok
    20:55:57.0701 0x0e6c  ================ Scan services =============================
    20:56:00.0670 0x0e6c  Cdrom - ok
    20:56:00.0670 0x0e6c  Changer - ok
    20:56:00.0716 0x0e6c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
    20:56:00.0716 0x0e6c  CiSvc - ok
    20:56:00.0748 0x0e6c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
    20:56:00.0748 0x0e6c  ClipSrv - ok
    20:56:00.0795 0x0e6c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:56:00.0810 0x0e6c  clr_optimization_v2.0.50727_32 - ok
    20:56:00.0826 0x0e6c  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
    20:56:00.0826 0x0e6c  CmdIde - ok
    20:56:00.0841 0x0e6c  COMSysApp - ok
    20:56:00.0857 0x0e6c  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    20:56:00.0857 0x0e6c  Cpqarray - ok
    20:56:00.0888 0x0e6c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
    20:56:00.0904 0x0e6c  CryptSvc - ok
    20:56:00.0966 0x0e6c  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    20:56:00.0982 0x0e6c  dac2w2k - ok
    20:56:01.0107 0x0e6c  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    20:56:01.0123 0x0e6c  dac960nt - ok
    20:56:01.0170 0x0e6c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
    20:56:01.0185 0x0e6c  DcomLaunch - ok
    20:56:01.0216 0x0e6c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
    20:56:01.0216 0x0e6c  Dhcp - ok
    20:56:01.0232 0x0e6c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
    20:56:01.0232 0x0e6c  Disk - ok
    20:56:01.0310 0x0e6c  [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    20:56:01.0310 0x0e6c  DLABOIOM - ok
    20:56:01.0326 0x0e6c  [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    20:56:01.0326 0x0e6c  DLACDBHM - ok
    20:56:01.0341 0x0e6c  [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
    20:56:01.0341 0x0e6c  DLADResN - ok
    20:56:01.0357 0x0e6c  [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    20:56:01.0373 0x0e6c  DLAIFS_M - ok
    20:56:01.0388 0x0e6c  [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    20:56:01.0388 0x0e6c  DLAOPIOM - ok
    20:56:01.0404 0x0e6c  [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    20:56:01.0420 0x0e6c  DLAPoolM - ok
    20:56:01.0420 0x0e6c  [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    20:56:01.0420 0x0e6c  DLARTL_N - ok
    20:56:01.0435 0x0e6c  [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    20:56:01.0466 0x0e6c  DLAUDFAM - ok
    20:56:01.0482 0x0e6c  [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    20:56:01.0498 0x0e6c  DLAUDF_M - ok
    20:56:01.0513 0x0e6c  dmadmin - ok
    20:56:01.0576 0x0e6c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
    20:56:01.0607 0x0e6c  dmboot - ok
    20:56:01.0654 0x0e6c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
    20:56:01.0685 0x0e6c  dmio - ok
    20:56:01.0716 0x0e6c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
    20:56:01.0716 0x0e6c  dmload - ok
    20:56:01.0763 0x0e6c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
    20:56:01.0779 0x0e6c  dmserver - ok
    20:56:01.0795 0x0e6c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
    20:56:01.0810 0x0e6c  DMusic - ok
    20:56:01.0841 0x0e6c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
    20:56:01.0841 0x0e6c  Dnscache - ok
    20:56:01.0888 0x0e6c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
    20:56:01.0904 0x0e6c  Dot3svc - ok
    20:56:01.0935 0x0e6c  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    20:56:01.0951 0x0e6c  dpti2o - ok
    20:56:01.0966 0x0e6c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
    20:56:01.0966 0x0e6c  drmkaud - ok
    20:56:02.0013 0x0e6c  [ FD0F95981FEF9073659D8EC58E40AA3C, 9EF2D538A90276DFF72BCE0E9A3AF50E607F2FD17B9EE46506156FBF3FC9E970 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    20:56:02.0013 0x0e6c  DRVMCDB - ok
    20:56:02.0013 0x0e6c  [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    20:56:02.0029 0x0e6c  DRVNDDM - ok
    20:56:02.0076 0x0e6c  [ FE80901578E7E3DA70299A5AEB2B7FBD, E68E8BAAA37AE26318BE8C084CFDD9040E97714C75EAA64B9720AB41FB1C9EF5 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
    20:56:02.0091 0x0e6c  DSBrokerService - ok
    20:56:02.0138 0x0e6c  [ 413F2D5F9D802688242C23B38F767ECB, 6D5B6B8FC6E8E45555C444D3E881D3E44DE4C6F2602ADBB4D0E8E9F834089827 ] DSproct         C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    20:56:02.0138 0x0e6c  DSproct - ok
    20:56:02.0170 0x0e6c  [ DFEABB7CFFFADEA4A912AB95BDC3177A, 9A93956CF826F419ACB2B3CA8809917E345ACFD43B102EAB18DB46F49859D1C7 ] dsunidrv        C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    20:56:02.0185 0x0e6c  dsunidrv - ok
    20:56:02.0201 0x0e6c  [ 95974E66D3DE4951D29E28E8BC0B644C, 5737A2FB4D95AAB61A50E25CC570D78FC91C1A7B02754211B1B57DC4209A7D58 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
    20:56:02.0216 0x0e6c  E100B - ok
    20:56:02.0248 0x0e6c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    20:56:02.0263 0x0e6c  EapHost - ok
    20:56:02.0295 0x0e6c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
    20:56:02.0295 0x0e6c  ERSvc - ok
    20:56:02.0341 0x0e6c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
    20:56:02.0341 0x0e6c  Eventlog - ok
    20:56:02.0388 0x0e6c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
    20:56:02.0388 0x0e6c  EventSystem - ok
    20:56:02.0435 0x0e6c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
    20:56:02.0451 0x0e6c  Fastfat - ok
    20:56:02.0482 0x0e6c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    20:56:02.0498 0x0e6c  FastUserSwitchingCompatibility - ok
    20:56:02.0529 0x0e6c  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
    20:56:02.0545 0x0e6c  Fax - ok
    20:56:02.0576 0x0e6c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
    20:56:02.0576 0x0e6c  Fdc - ok
    20:56:02.0607 0x0e6c  [ 20FE03294AC1429AE88A64C2F754B0D4, 1AAA5F71528C20143E3BE2A93675FC88E34AF1394EB5409103F2C799A5C0B166 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    20:56:02.0623 0x0e6c  FilterService - ok
    20:56:02.0654 0x0e6c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
    20:56:02.0670 0x0e6c  Fips - ok
    20:56:02.0701 0x0e6c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    20:56:02.0701 0x0e6c  Flpydisk - ok
    20:56:02.0732 0x0e6c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    20:56:02.0732 0x0e6c  FltMgr - ok
    20:56:02.0810 0x0e6c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    20:56:02.0826 0x0e6c  FontCache3.0.0.0 - ok
    20:56:02.0841 0x0e6c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:56:02.0841 0x0e6c  Fs_Rec - ok
    20:56:02.0873 0x0e6c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:56:02.0873 0x0e6c  Ftdisk - ok
    20:56:02.0920 0x0e6c  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    20:56:02.0920 0x0e6c  GEARAspiWDM - ok
    20:56:02.0951 0x0e6c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:56:02.0966 0x0e6c  Gpc - ok
    20:56:03.0045 0x0e6c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
    20:56:03.0045 0x0e6c  gupdate - ok
    20:56:03.0045 0x0e6c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
    20:56:03.0060 0x0e6c  gupdatem - ok
    20:56:03.0123 0x0e6c  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    20:56:03.0123 0x0e6c  gusvc - ok
    20:56:03.0154 0x0e6c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    20:56:03.0170 0x0e6c  HDAudBus - ok
    20:56:03.0232 0x0e6c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    20:56:03.0248 0x0e6c  helpsvc - ok
    20:56:03.0279 0x0e6c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
    20:56:03.0295 0x0e6c  HidServ - ok
    20:56:03.0295 0x0e6c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:56:03.0310 0x0e6c  HidUsb - ok
    20:56:03.0341 0x0e6c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
    20:56:03.0357 0x0e6c  hkmsvc - ok
    20:56:03.0373 0x0e6c  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
    20:56:03.0388 0x0e6c  hpn - ok
    20:56:03.0466 0x0e6c  [ 5DA42D24712E00728CEA2342A65009B2, 73EC5250DCFD556525B24B3CA66C64AC7747E77652A2AD6119936A59A9E8562A ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    20:56:03.0482 0x0e6c  hpqcxs08 - ok
    20:56:03.0513 0x0e6c  [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    20:56:03.0529 0x0e6c  hpqddsvc - ok
    20:56:03.0560 0x0e6c  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    20:56:03.0560 0x0e6c  HPZid412 - ok
    20:56:03.0576 0x0e6c  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    20:56:03.0591 0x0e6c  HPZipr12 - ok
    20:56:03.0623 0x0e6c  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    20:56:03.0623 0x0e6c  HPZius12 - ok
    20:56:03.0670 0x0e6c  [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    20:56:03.0685 0x0e6c  HSFHWBS2 - ok
    20:56:03.0732 0x0e6c  [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    20:56:03.0795 0x0e6c  HSF_DP - ok
    20:56:03.0841 0x0e6c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
    20:56:03.0841 0x0e6c  HTTP - ok
    20:56:03.0873 0x0e6c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
    20:56:03.0888 0x0e6c  HTTPFilter - ok
    20:56:03.0935 0x0e6c  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
    20:56:03.0951 0x0e6c  i2omgmt - ok
    20:56:03.0998 0x0e6c  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
    20:56:03.0998 0x0e6c  i2omp - ok
    20:56:04.0045 0x0e6c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:56:04.0060 0x0e6c  i8042prt - ok
    20:56:04.0123 0x0e6c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    20:56:04.0154 0x0e6c  IDriverT - ok
    20:56:04.0248 0x0e6c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:56:04.0326 0x0e6c  idsvc - ok
    20:56:04.0420 0x0e6c  [ 3962F0BE2018A275DBE7510A80173759, 4144CC7B33B5CED4BCA25D41874EDF6CDB88BCA2EE63FAC71C3F32CECA4D3E6E ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    20:56:04.0435 0x0e6c  IHA_MessageCenter - ok
    20:56:04.0451 0x0e6c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:56:04.0466 0x0e6c  Imapi - ok
    20:56:04.0498 0x0e6c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
    20:56:04.0513 0x0e6c  ImapiService - ok
    20:56:04.0545 0x0e6c  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
    20:56:04.0545 0x0e6c  ini910u - ok
    20:56:04.0591 0x0e6c  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
    20:56:04.0591 0x0e6c  IntelIde - ok
    20:56:04.0623 0x0e6c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:56:04.0638 0x0e6c  intelppm - ok
    20:56:04.0670 0x0e6c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
    20:56:04.0670 0x0e6c  Ip6Fw - ok
    20:56:04.0716 0x0e6c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:56:04.0732 0x0e6c  IpFilterDriver - ok
    20:56:04.0748 0x0e6c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:56:04.0748 0x0e6c  IpInIp - ok
    20:56:04.0779 0x0e6c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:56:04.0779 0x0e6c  IpNat - ok
    20:56:04.0857 0x0e6c  [ E8A39D41474BE42FD8830CED32932D6C, 66D59E61E46253D06A4811CE2101C0AD4EEFE25C676548BBB1B0D056A20B5DC6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
    20:56:04.0888 0x0e6c  iPod Service - ok
    20:56:04.0904 0x0e6c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:56:04.0920 0x0e6c  IPSec - ok
    20:56:04.0951 0x0e6c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:56:04.0951 0x0e6c  IRENUM - ok
    20:56:04.0982 0x0e6c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:56:04.0982 0x0e6c  isapnp - ok
    20:56:05.0076 0x0e6c  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    20:56:05.0091 0x0e6c  JavaQuickStarterService - ok
    20:56:05.0138 0x0e6c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:56:05.0138 0x0e6c  Kbdclass - ok
    20:56:05.0185 0x0e6c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    20:56:05.0185 0x0e6c  kbdhid - ok
    20:56:05.0248 0x0e6c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    20:56:05.0263 0x0e6c  kmixer - ok
    20:56:05.0295 0x0e6c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    20:56:05.0295 0x0e6c  KSecDD - ok
    20:56:05.0341 0x0e6c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    20:56:05.0341 0x0e6c  lanmanserver - ok
    20:56:05.0373 0x0e6c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    20:56:05.0388 0x0e6c  lanmanworkstation - ok
    20:56:05.0404 0x0e6c  Lavasoft Kernexplorer - ok
    20:56:05.0420 0x0e6c  Lbd - ok
    20:56:05.0420 0x0e6c  lbrtfdc - ok
    20:56:05.0451 0x0e6c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    20:56:05.0451 0x0e6c  LmHosts - ok
    20:56:05.0482 0x0e6c  [ 8BE71D7EDB8C7494913722059F760DD0, BA02D1EC025BDA8ADAE34483AB6B422A75D0C11392761F83BCB0D0ADB5B1EAE2 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    20:56:05.0498 0x0e6c  LVPr2Mon - ok
    20:56:05.0545 0x0e6c  [ ED643E777BA3F7151EF3F0FB6BE4F7F0, 94B96367ECF2140299F36D93C00C9FE666953BEA6A1253EEEAAC439A682D38CA ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
    20:56:05.0560 0x0e6c  LVRS - ok
    20:56:05.0748 0x0e6c  [ 5BC80451109A8DD7F2DDD35BCE2929A3, F97BAD2D43D1E199841BAE5707424B49B4451CD486F249646E898FC7CC7AB4C8 ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    20:56:05.0873 0x0e6c  LVUVC - ok
    20:56:05.0920 0x0e6c  [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    20:56:05.0935 0x0e6c  mdmxsdk - ok
    20:56:05.0951 0x0e6c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
    20:56:05.0966 0x0e6c  Messenger - ok
    20:56:05.0998 0x0e6c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
    20:56:05.0998 0x0e6c  mnmdd - ok
    20:56:06.0029 0x0e6c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
    20:56:06.0045 0x0e6c  mnmsrvc - ok
    20:56:06.0076 0x0e6c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
    20:56:06.0076 0x0e6c  Modem - ok
    20:56:06.0123 0x0e6c  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
    20:56:06.0123 0x0e6c  MODEMCSA - ok
    20:56:06.0154 0x0e6c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:56:06.0154 0x0e6c  Mouclass - ok
    20:56:06.0201 0x0e6c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
    20:56:06.0201 0x0e6c  mouhid - ok
    20:56:06.0216 0x0e6c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
    20:56:06.0216 0x0e6c  MountMgr - ok
    20:56:06.0248 0x0e6c  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    20:56:06.0263 0x0e6c  mraid35x - ok
    20:56:06.0279 0x0e6c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:56:06.0279 0x0e6c  MRxDAV - ok
    20:56:06.0341 0x0e6c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:56:06.0357 0x0e6c  MRxSmb - ok
    20:56:06.0388 0x0e6c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
    20:56:06.0388 0x0e6c  MSDTC - ok
    20:56:06.0435 0x0e6c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
    20:56:06.0435 0x0e6c  Msfs - ok
    20:56:06.0451 0x0e6c  MSIServer - ok
    20:56:06.0466 0x0e6c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:56:06.0482 0x0e6c  MSKSSRV - ok
    20:56:06.0513 0x0e6c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:56:06.0529 0x0e6c  MSPCLOCK - ok
    20:56:06.0545 0x0e6c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
    20:56:06.0560 0x0e6c  MSPQM - ok
    20:56:06.0576 0x0e6c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:56:06.0591 0x0e6c  mssmbios - ok
    20:56:06.0607 0x0e6c  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
    20:56:06.0623 0x0e6c  MSTEE - ok
    20:56:06.0638 0x0e6c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
    20:56:06.0638 0x0e6c  Mup - ok
    20:56:06.0670 0x0e6c  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    20:56:06.0685 0x0e6c  NABTSFEC - ok
    20:56:06.0748 0x0e6c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
    20:56:06.0779 0x0e6c  napagent - ok
    20:56:06.0826 0x0e6c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
    20:56:06.0826 0x0e6c  NDIS - ok
    20:56:14.0435 0x0e6c  ================ Scan global ===============================
    20:56:14.0466 0x0e6c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    20:56:14.0513 0x0e6c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    20:56:14.0545 0x0e6c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    20:56:14.0560 0x0e6c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    20:56:14.0560 0x0e6c  [ Global ] - ok
    20:56:14.0560 0x0e6c  ================ Scan MBR ==================================
    20:56:14.0591 0x0e6c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    20:56:14.0763 0x0e6c  \Device\Harddisk0\DR0 - ok
    20:56:14.0763 0x0e6c  ================ Scan VBR ==================================
    20:56:14.0779 0x0e6c  [ AEF0ED1212BDA36FA6BE50961A88CBAA ] \Device\Harddisk0\DR0\Partition1
    20:56:14.0779 0x0e6c  \Device\Harddisk0\DR0\Partition1 - ok
    20:56:14.0779 0x0e6c  Waiting for KSN requests completion. In queue: 276
    20:56:15.0779 0x0e6c  Waiting for KSN requests completion. In queue: 276
    20:56:16.0779 0x0e6c  Waiting for KSN requests completion. In queue: 276
    20:56:17.0826 0x0e6c  AV detected via SS1: Avira Desktop, 14.0.1.519, enabled, updated
    20:56:17.0826 0x0e6c  Win FW state via NFM: enabled
    20:56:20.0295 0x0e6c  ============================================================
    20:56:20.0295 0x0e6c  Scan finished
    20:56:20.0295 0x0e6c  ============================================================
    20:56:20.0295 0x0f7c  Detected object count: 0
    20:56:20.0295 0x0f7c  Actual detected object count: 0
    21:19:41.0357 0x0aa4  Deinitialize success
     

    AdwCleaner:

     

    # AdwCleaner v3.017 - Report created 13/01/2014 at 21:20:47
    # Updated 12/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Cory - BLESSING-1
    # Running from : C:\Documents and Settings\Cory\Desktop\Bleeping Computer\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\searchplugins\Conduit.xml
    Folder Found : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\Extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
    Folder Found : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\Extensions\plugin@yontoo.com
    Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\CT2418376
    Folder Found C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\verizontb
    Folder Found C:\Documents and Settings\Cory\Application Data\verizontb
    Folder Found C:\Documents and Settings\Cory\Application Data\Viewpoint
    Folder Found C:\Documents and Settings\Cory\Local Settings\Application Data\Conduit
    Folder Found C:\Documents and Settings\NetworkService\Application Data\verizontb
    Folder Found C:\Program Files\Conduit
    Folder Found C:\Program Files\verizontb
    Folder Found C:\Program Files\Yontoo Layers Client

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AVG Security Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKLM\Software\Trymedia Systems
    Key Found : HKLM\Software\Viewpoint
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F8D96645-337C-419B-8792-B6C126145811}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    -\\ Mozilla Firefox v3.6.13 (en-US)

    [ File : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\prefs.js ]

    Line Found : user_pref("CT2418376.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Line Found : user_pref("CT2418376.CTID", "CT2418376");
    Line Found : user_pref("CT2418376.CurrentServerDate", "10-9-2013");
    Line Found : user_pref("CT2418376.DialogsAlignMode", "LTR");
    Line Found : user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.FirstServerDate", "20-3-2010");
    Line Found : user_pref("CT2418376.FirstTime", true);
    Line Found : user_pref("CT2418376.FirstTimeFF3", true);
    Line Found : user_pref("CT2418376.FixPageNotFoundErrors", true);
    Line Found : user_pref("CT2418376.GroupingServerCheckInterval", 1440);
    Line Found : user_pref("CT2418376.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Line Found : user_pref("CT2418376.Initialize", true);
    Line Found : user_pref("CT2418376.InitializeCommonPrefs", true);
    Line Found : user_pref("CT2418376.InstalledDate", "Fri Mar 19 2010 22:52:48 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.IsGrouping", false);
    Line Found : user_pref("CT2418376.IsMulticommunity", false);
    Line Found : user_pref("CT2418376.IsOpenThankYouPage", false);
    Line Found : user_pref("CT2418376.IsOpenUninstallPage", true);
    Line Found : user_pref("CT2418376.LanguagePackLastCheckTime", "Tue Sep 10 2013 10:02:05 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440);
    Line Found : user_pref("CT2418376.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Line Found : user_pref("CT2418376.LastLogin_2.5.8.6", "Tue Sep 10 2013 10:02:05 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.LatestVersion", "3.20.0.4");
    Line Found : user_pref("CT2418376.Locale", "en");
    Line Found : user_pref("CT2418376.LoginCache", 4);
    Line Found : user_pref("CT2418376.MCDetectTooltipHeight", "83");
    Line Found : user_pref("CT2418376.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Line Found : user_pref("CT2418376.MCDetectTooltipWidth", "295");
    Line Found : user_pref("CT2418376.SHRINK_TOOLBAR", 1);
    Line Found : user_pref("CT2418376.SavedHomepage", "resource:/browserconfig.properties");
    Line Found : user_pref("CT2418376.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2418376&octid=EB_ORIGINAL_CTID&SearchSource=1");
    Line Found : user_pref("CT2418376.SearchFromAddressBarIsInit", true);
    Line Found : user_pref("CT2418376.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=");
    Line Found : user_pref("CT2418376.SearchInNewTabEnabled", true);
    Line Found : user_pref("CT2418376.SearchInNewTabIntervalMM", 1440);
    Line Found : user_pref("CT2418376.SearchInNewTabLastCheckTime", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
    Line Found : user_pref("CT2418376.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
    Line Found : user_pref("CT2418376.SettingsCheckIntervalMin", 120);
    Line Found : user_pref("CT2418376.SettingsLastCheckTime", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.SettingsLastUpdate", "1274627005");
    Line Found : user_pref("CT2418376.ThirdPartyComponentsInterval", 504);
    Line Found : user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Tue Sep 10 2013 10:02:03 GMT-0400 (Eastern Daylight Time)");
    Line Found : user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1331805997");
    Line Found : user_pref("CT2418376.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Line Found : user_pref("CT2418376.UserID", "UN28123316767237458");
    Line Found : user_pref("CT2418376.alertChannelId", "812740");
    Line Found : user_pref("CT2418376.clientLogIsEnabled", false);
    Line Found : user_pref("CT2418376.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Line Found : user_pref("CT2418376.myStuffEnabled", true);
    Line Found : user_pref("CT2418376.myStuffPublihserMinWidth", 400);
    Line Found : user_pref("CT2418376.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Line Found : user_pref("CT2418376.myStuffServiceIntervalMM", 1440);
    Line Found : user_pref("CT2418376.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Line Found : user_pref("CT2418376.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2418376");
    Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2418376");
    Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2418376");
    Line Found : user_pref("browser.search.defaultthis.engineName", "PageRage Customized Web Search");
    Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}");
    Line Found : user_pref("extentions.y2layers.installId", "f673d689-352a-4e4d-a8e7-80d91495f634");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Documents and Settings\Cory\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [12762 octets] - [13/01/2014 21:20:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12823 octets] ##########



    #8 jeffce

    Posted 14 January 2014 - 07:27 AM

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.
     
    Download ComboFix from one of these locations:
     
    Link 1
    Link 2
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     


    RCUpdate1.png

     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     
    RC2-1.png
     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    Notes:
     
    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
     


    #9 scribes

    Posted 14 January 2014 - 07:07 PM

    Hi Jeff - The ComboFix log is posted below:

     

    ComboFix 14-01-14.02 - Cory 01/14/2014  18:42:51.5.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2406 [GMT -5:00]
    Running from: c:\documents and settings\Cory\Desktop\Bleeping Computer\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Cory\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Cory\My Documents\~WRD3634.tmp
    c:\documents and settings\Cory\My Documents\~WRL0183.tmp
    c:\documents and settings\Cory\My Documents\~WRL0446.tmp
    c:\documents and settings\Cory\My Documents\~WRL1683.tmp
    c:\documents and settings\Cory\WINDOWS
    C:\install.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-12-14 to 2014-01-14  )))))))))))))))))))))))))))))))
    .
    .
    2014-01-14 02:20 . 2014-01-14 02:21 -------- d-----w- C:\AdwCleaner
    2014-01-08 00:46 . 2014-01-08 00:47 -------- d-----w- c:\documents and settings\Administrator
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-17 12:52 . 2013-07-26 01:54 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2013-12-17 12:52 . 2013-07-26 01:54 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-12-11 15:52 . 2012-04-23 22:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-11 15:52 . 2011-06-03 12:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-19 15:10 . 2013-07-26 01:54 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-11-13 02:59 . 2004-08-10 16:51 150528 ----a-w- c:\windows\system32\imagehlp.dll
    2013-11-07 05:38 . 2004-08-10 16:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-11-06 01:03 . 2009-04-17 17:49 7168 ----a-w- c:\windows\system32\xpsp4res.dll
    2013-10-30 02:26 . 2004-08-10 16:51 1879040 ----a-w- c:\windows\system32\win32k.sys
    2013-10-29 07:57 . 2004-08-10 16:51 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-10-29 07:57 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-10-29 07:57 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-10-29 07:57 . 2004-08-10 16:50 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-10-29 00:45 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
    2013-10-23 23:45 . 2004-08-10 16:51 172032 ----a-w- c:\windows\system32\scrrun.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2013-02-05 87616]
    .
    [HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
    2013-07-26 20:30 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
    2013-02-05 20:04 265280 ----a-w- c:\program files\verizontb\auxi\verizonAu.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
    2013-02-05 20:04 87616 ----a-w- c:\program files\verizontb\verizonDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2013-02-05 87616]
    "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
    .
    [HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
    .
    [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
    .
    [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-05-21 1025264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
    "ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2011-5-4 505152]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-04-27 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-18 23:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avgwd"=2 (0x2)
    "AVGIDSAgent"=2 (0x2)
    "AVG Security Toolbar Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\Cory\\My Documents\\Cory downloads\\SC2-WingsOfLibertyDemo-enUS-downloader.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II Public Test.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/25/2013 8:54 PM 37352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2013 8:54 PM 440376]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/25/2013 8:54 PM 1011768]
    R2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [7/26/2013 3:30 PM 168400]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [8/3/2012 3:22 PM 350792]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/4/2011 10:32 AM 20480]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
    S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [5/4/2011 10:32 AM 167936]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/4/2011 10:31 AM 588032]
    S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/1/2008 9:09 PM 29522]
    S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [5/4/2012 7:50 PM 86528]
    S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [5/4/2012 7:50 PM 14976]
    S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [5/4/2012 7:50 PM 114304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    brycjmir
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 21:20 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 15:52]
    .
    2014-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-16 15:05]
    .
    2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-16 15:05]
    .
    2014-01-14 c:\windows\Tasks\User_Feed_Synchronization-{0D5D94E8-7F5B-435F-9F4A-7CF483109193}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: verizon.net\activate
    Trusted Zone: verizon.net\activatemydsl
    Trusted Zone: verizon.net\activatemyfios
    Trusted Zone: verizon.net\activatemyhsi
    Trusted Zone: verizon.net\activatemywifi
    Trusted Zone: verizon.net\wbadownload
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.net/xp/ScanFile.CAB
    FF - ProfilePath - c:\documents and settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Verizon
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
    FF - Ext: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - %profile%\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
    FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-14 18:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
    "ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,65,db,1d,5f,42,6e,48,b1,70,a3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,65,db,1d,5f,42,6e,48,b1,70,a3,\
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000003
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000002
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(692)
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    .
    Completion time: 2014-01-14  19:01:11
    ComboFix-quarantined-files.txt  2014-01-15 00:00
    .
    Pre-Run: 112,808,566,784 bytes free
    Post-Run: 113,454,981,120 bytes free
    .
    - - End Of File - - EE60D090C2A6FF8F5AA3A00745EF3146
    8F558EB6672622401DA993E1E865C861
     



    #10 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 14 January 2014 - 08:55 PM

    Hi,
     
    ComboFix

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      ClearJavaCache::
       
      DDS::
      uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
      BHO: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
      BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
      BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
      TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
      TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
      TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
      mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
       
      Firefox::
      FF - ProfilePath - c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
      FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
      FF - component: c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
      FF - Ext: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - %profile%\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
       
      Netsvc::
      brycjmir
       
      File::
      c:\program files\askpartnernetwork\toolbar\apnmcp.exe
       
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "135:TCP"=-
      "26675:TCP"=-
      "3724:TCP"=-
      "50000:UDP"=-
       
      Driver::
      APNMCP

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
       
      [Screenshot: CFScriptB-4.gif]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
    AdwCleaner
     
    Double click on AdwCleaner.exe to run the tool again.

    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    ----------

    Post the new ComboFix and AdwCleaner logs and let me know how your system is running.   :)



    #11 scribes

    scribes
    • Topic Starter

    • Members
    • 25 posts

    Posted 14 January 2014 - 10:04 PM

    Hi Jeff -

     

    ComboFix log:

     

    ComboFix 14-01-14.02 - Cory 01/14/2014  21:07:38.6.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2334 [GMT -5:00]
    Running from: c:\documents and settings\Cory\Desktop\Bleeping Computer\ComboFix.exe
    Command switches used :: c:\documents and settings\Cory\Desktop\Bleeping Computer\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\program files\askpartnernetwork\toolbar\apnmcp.exe"
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\chrome.manifest
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\chrome\pagerage.jar
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\ConduitAutoCompleteSearch.js
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\ConduitAutoCompleteSearch.xpt
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\ConduitToolbar.idl
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\ConduitToolbar.js
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\ConduitToolbar.xpt
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.xpt
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.xpt
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\defaults\default_radio_skin.xml
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\defaults\fbAlert.js
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\install.rdf
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\lib\xpcom.js
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\META-INF\manifest.mf
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\META-INF\zigbert.rsa
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\META-INF\zigbert.sf
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\searchplugin\conduit.gif
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\searchplugin\conduit.ico
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\searchplugin\conduit.PNG
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\searchplugin\conduit.src
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\searchplugin\conduit.xml
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\setup.ini
    c:\documents and settings\cory\application data\mozilla\firefox\profiles\xhmct1ci.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\version.txt
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_APNMCP
    -------\Service_APNMCP
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-12-15 to 2014-01-15  )))))))))))))))))))))))))))))))
    .
    .
    2014-01-14 02:20 . 2014-01-14 02:21 -------- d-----w- C:\AdwCleaner
    2014-01-08 00:46 . 2014-01-08 00:47 -------- d-----w- c:\documents and settings\Administrator
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-17 12:52 . 2013-07-26 01:54 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2013-12-17 12:52 . 2013-07-26 01:54 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-12-11 15:52 . 2012-04-23 22:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-11 15:52 . 2011-06-03 12:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-19 15:10 . 2013-07-26 01:54 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-11-13 02:59 . 2004-08-10 16:51 150528 ----a-w- c:\windows\system32\imagehlp.dll
    2013-11-07 05:38 . 2004-08-10 16:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-11-06 01:03 . 2009-04-17 17:49 7168 ----a-w- c:\windows\system32\xpsp4res.dll
    2013-10-30 02:26 . 2004-08-10 16:51 1879040 ----a-w- c:\windows\system32\win32k.sys
    2013-10-29 07:57 . 2004-08-10 16:51 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-10-29 07:57 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-10-29 07:57 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-10-29 07:57 . 2004-08-10 16:50 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-10-29 00:45 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
    2013-10-23 23:45 . 2004-08-10 16:51 172032 ----a-w- c:\windows\system32\scrrun.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-05-21 1025264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2011-5-4 505152]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-04-27 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
    2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-18 23:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avgwd"=2 (0x2)
    "AVGIDSAgent"=2 (0x2)
    "AVG Security Toolbar Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\Cory\\My Documents\\Cory downloads\\SC2-WingsOfLibertyDemo-enUS-downloader.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II Public Test.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [7/25/2013 8:54 PM 37352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2013 8:54 PM 440376]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/25/2013 8:54 PM 1011768]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [8/3/2012 3:22 PM 350792]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [5/4/2011 10:32 AM 20480]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
    S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [5/4/2011 10:32 AM 167936]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/4/2011 10:31 AM 588032]
    S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/1/2008 9:09 PM 29522]
    S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [5/4/2012 7:50 PM 86528]
    S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [5/4/2012 7:50 PM 14976]
    S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [5/4/2012 7:50 PM 114304]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 21:20 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 15:52]
    .
    2014-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-16 15:05]
    .
    2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-16 15:05]
    .
    2014-01-15 c:\windows\Tasks\User_Feed_Synchronization-{0D5D94E8-7F5B-435F-9F4A-7CF483109193}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: verizon.net\activate
    Trusted Zone: verizon.net\activatemydsl
    Trusted Zone: verizon.net\activatemyfios
    Trusted Zone: verizon.net\activatemyhsi
    Trusted Zone: verizon.net\activatemywifi
    Trusted Zone: verizon.net\wbadownload
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.net/xp/ScanFile.CAB
    FF - ProfilePath - c:\documents and settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\
    FF - prefs.js: browser.search.selectedEngine - Verizon
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
    FF - Ext: Verizon Toolbar: {96ce3418-8ef3-45b5-8808-de5dbe03fb13} - %profile%\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-14 21:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
    "ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,65,db,1d,5f,42,6e,48,b1,70,a3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,65,db,1d,5f,42,6e,48,b1,70,a3,\
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000003
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000002
    "State"=dword:0000000b
    .
    [HKEY_USERS\S-1-5-21-1715682243-2341457156-4050740601-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(696)
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    .
    - - - - - - - > 'explorer.exe'(3588)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2014-01-14  21:26:15 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-01-15 02:26
    ComboFix2.txt  2014-01-15 00:01
    .
    Pre-Run: 113,416,355,840 bytes free
    Post-Run: 113,349,603,328 bytes free
    .
    - - End Of File - - BE53BC06BE5FD28ED9D220A311AC98F0
    8F558EB6672622401DA993E1E865C861
     

     

    AdwCleaner log:

     

    # AdwCleaner v3.017 - Report created 14/01/2014 at 21:41:03
    # Updated 12/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Cory - BLESSING-1
    # Running from : C:\Documents and Settings\Cory\Desktop\Bleeping Computer\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\verizontb
    Folder Deleted : C:\Program Files\Yontoo Layers Client
    Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\verizontb
    Folder Deleted : C:\Documents and Settings\Cory\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Cory\Application Data\verizontb
    Folder Deleted : C:\Documents and Settings\Cory\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\verizontb
    Folder Deleted : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\Extensions\plugin@yontoo.com
    File Deleted : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\searchplugins\Conduit.xml

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Trymedia Systems
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    -\\ Mozilla Firefox v3.6.13 (en-US)

    [ File : C:\Documents and Settings\Cory\Application Data\Mozilla\Firefox\Profiles\xhmct1ci.default\prefs.js ]

    Line Deleted : user_pref("CT2418376.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Line Deleted : user_pref("CT2418376.CTID", "CT2418376");
    Line Deleted : user_pref("CT2418376.CurrentServerDate", "10-9-2013");
    Line Deleted : user_pref("CT2418376.DialogsAlignMode", "LTR");
    Line Deleted : user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.FirstServerDate", "20-3-2010");
    Line Deleted : user_pref("CT2418376.FirstTime", true);
    Line Deleted : user_pref("CT2418376.FirstTimeFF3", true);
    Line Deleted : user_pref("CT2418376.FixPageNotFoundErrors", true);
    Line Deleted : user_pref("CT2418376.GroupingServerCheckInterval", 1440);
    Line Deleted : user_pref("CT2418376.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Line Deleted : user_pref("CT2418376.Initialize", true);
    Line Deleted : user_pref("CT2418376.InitializeCommonPrefs", true);
    Line Deleted : user_pref("CT2418376.InstalledDate", "Fri Mar 19 2010 22:52:48 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.IsGrouping", false);
    Line Deleted : user_pref("CT2418376.IsMulticommunity", false);
    Line Deleted : user_pref("CT2418376.IsOpenThankYouPage", false);
    Line Deleted : user_pref("CT2418376.IsOpenUninstallPage", true);
    Line Deleted : user_pref("CT2418376.LanguagePackLastCheckTime", "Tue Sep 10 2013 10:02:05 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440);
    Line Deleted : user_pref("CT2418376.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Line Deleted : user_pref("CT2418376.LastLogin_2.5.8.6", "Tue Sep 10 2013 10:02:05 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.LatestVersion", "3.20.0.4");
    Line Deleted : user_pref("CT2418376.Locale", "en");
    Line Deleted : user_pref("CT2418376.LoginCache", 4);
    Line Deleted : user_pref("CT2418376.MCDetectTooltipHeight", "83");
    Line Deleted : user_pref("CT2418376.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Line Deleted : user_pref("CT2418376.MCDetectTooltipWidth", "295");
    Line Deleted : user_pref("CT2418376.SHRINK_TOOLBAR", 1);
    Line Deleted : user_pref("CT2418376.SavedHomepage", "resource:/browserconfig.properties");
    Line Deleted : user_pref("CT2418376.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2418376&octid=EB_ORIGINAL_CTID&SearchSource=1");
    Line Deleted : user_pref("CT2418376.SearchFromAddressBarIsInit", true);
    Line Deleted : user_pref("CT2418376.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=");
    Line Deleted : user_pref("CT2418376.SearchInNewTabEnabled", true);
    Line Deleted : user_pref("CT2418376.SearchInNewTabIntervalMM", 1440);
    Line Deleted : user_pref("CT2418376.SearchInNewTabLastCheckTime", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
    Line Deleted : user_pref("CT2418376.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
    Line Deleted : user_pref("CT2418376.SettingsCheckIntervalMin", 120);
    Line Deleted : user_pref("CT2418376.SettingsLastCheckTime", "Tue Sep 10 2013 10:02:04 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.SettingsLastUpdate", "1274627005");
    Line Deleted : user_pref("CT2418376.ThirdPartyComponentsInterval", 504);
    Line Deleted : user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Tue Sep 10 2013 10:02:03 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1331805997");
    Line Deleted : user_pref("CT2418376.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Line Deleted : user_pref("CT2418376.UserID", "UN28123316767237458");
    Line Deleted : user_pref("CT2418376.alertChannelId", "812740");
    Line Deleted : user_pref("CT2418376.clientLogIsEnabled", false);
    Line Deleted : user_pref("CT2418376.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Line Deleted : user_pref("CT2418376.myStuffEnabled", true);
    Line Deleted : user_pref("CT2418376.myStuffPublihserMinWidth", 400);
    Line Deleted : user_pref("CT2418376.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Line Deleted : user_pref("CT2418376.myStuffServiceIntervalMM", 1440);
    Line Deleted : user_pref("CT2418376.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Line Deleted : user_pref("CT2418376.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2418376");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2418376");
    Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2418376");
    Line Deleted : user_pref("browser.search.defaultthis.engineName", "PageRage Customized Web Search");
    Line Deleted : user_pref("extentions.y2layers.installId", "f673d689-352a-4e4d-a8e7-80d91495f634");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Documents and Settings\Cory\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [12904 octets] - [13/01/2014 21:20:47]
    AdwCleaner[R1].txt - [11424 octets] - [14/01/2014 21:33:39]
    AdwCleaner[S0].txt - [11606 octets] - [14/01/2014 21:41:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11667 octets] ##########



    #12 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 15 January 2014 - 11:11 AM

    And how is your system running now?  :)




    #13 scribes

    scribes
    • Topic Starter

    • Members
    • 25 posts

    Posted 15 January 2014 - 09:57 PM

    I think you know that answer...  Things seem to be running much, much better.  Thank you.  Can you tell me what were the main causes of my PC problems?  Just trying to understand what all happened.  Thanks again for your help!



    #14 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 16 January 2014 - 08:01 AM

    Good to hear!!  :)  As for what was wrong with your system....there were a lot of "junk" files on it created by some malware and that malware also changed some settings that we fixed.  

     

    When you ran DDS there should have been a log made named Attach.txt....could you post that?  




    #15 scribes

    scribes
    • Topic Starter

    • Members
    • 25 posts

    Posted 17 January 2014 - 09:45 AM

    Attached File  attach.txt   23.28KB   1 downloads

    Hi Jeff -

     

    This log is dated the 13th.  I'll attach it below.  Unless you need me to run it again.

     

    Thanks again for your help!!!

     

    Attach log is attached-

     

     





